Slashdot Mirror

← Back to Stories (view on slashdot.org)

MySpace Users Have Stronger Passwords Than Employees

Posted by Zonk on from the hardly-surprising dept.

Ant writes "A Wired News column reports on Bruce Schneier's analysis of data from a successful phishing attack on MySpace, and compares the captured user-passwords to an earlier data-set from a corporation. He concludes that MySpace users are better at coming up with good passwords than corporate drones." From the article: "We used to quip that 'password' is the most common password. Now it's 'password1.' Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric. Writing in 1989, Daniel Klein was able to crack (.gz) 24 percent of his sample passwords with a small dictionary of just 63,000 words, and found that the average password was 6.4 characters long."

8 of 263 comments (clear)

  1. Okay... by eln · · Score: 5, Insightful

    So MySpace users are smart enough to pick somewhat secure passwords, but still dumb enough to fall for basic phishing attacks.

    It doesn't matter how strong their password is if they are still giving it to whoever asks for it.

  2. More to lose by CastrTroy · · Score: 4, Insightful

    It's because the MySpace users have more to lose. They don't want someone defacing their website. Employees on the other hand probably don't care if someone logs into their computer.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  3. Re:The Lesson? by Cat_Byte · · Score: 4, Insightful

    I tend to think people come up with a really good password, then they have to come up with 12 others in a row after each expires and disallows reusing an old one.

    --
    Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
  4. Stronger Passwords by Joe+The+Dragon · · Score: 5, Insightful

    It easy to have Strong Passwords when you don't need to change them all the time and can't reuse parts of the old password in the new password.

  5. Passwords Expire by Mr_Blank · · Score: 4, Insightful


        The corporate drones have to deal with passwords that expire every 30/60/90 days, and once expired those passwords can never be reused. So creating a hard password and then remembering it is not so trivial. The myspace users can come up with one hard password and keep it forever.

    1. Re:Passwords Expire by Otter · · Score: 4, Insightful

      That's one of the two points I was going to make; the other being that a comparison to corporate passwords from 1989 is only slightly more informative than one to passwords from 1889.

      --
      What I'm listening to now on Pandora...
  6. fear and netspeak by Kenshin · · Score: 4, Insightful

    I figure there's two main reasons for this:

    1) They're terrified of their peers breaking in and sabotaging their profiles. (I once got assaulted by a drunk girl I knew who thought I hacked her LiveJournal... which I didn't.)

    2) They can't spell worth shit, due to netspeak, so typical dictionary approaches aren't going to work.

    Also, you have to take into account the basic fact that younger people have grown up around computers, and understand the concept of passwords a bit better than your average middle-aged office worker.

    --

    Does it make you happy you're so strange?

  7. Re:The Lesson? by lpcustom · · Score: 5, Insightful

    Yeah I agree. The time limits on passwords cause most people to just come up with something easier to remember. Why should I have to change my password every 30 days if it's something like Mxo2s0LLn234aAZSQ If I can't even get it right I'm sure no one else is going to guess it. There shouldn't be a need to change it.

    --
    Beer! It's what's for breakfast!